CVE-2008-0632
published 2008-02-06

Priority: P258, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 6.36% (92.8th percentile)

Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.

Affected (1 range)

Vendor | Product | Version range | Fixed in
lightblog | lightblog | |

Detection & IOCs (extracted from sources)

path: cp_upload_image.php
url: http://localhost/light/images/shell.php
path: /images/shell.php
  • Monitor for unauthenticated POST requests to cp_upload_image.php, especially those uploading files with executable extensions (e.g., .php).
  • Alert on direct HTTP GET requests to files with executable extensions (e.g., .php) under the blog's /images/ directory, which may indicate post-upload webshell access.
  • Search for LightBlog installations exposed to the internet using the Google dork: "Powered by LightBlog".
  • The PoC uses localhost paths; in real deployments, the blog root and /images/ directory path will vary. Detections should be adapted to match the actual installation path.
  • The vulnerability affects LightBlog version 9.5 specifically; a vendor patch was issued. Verify version before applying detections to avoid false positives on patched installs.
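
The two log checks above, written as a small access-log scanner. This is an added example, not code from the advisory or from LightBlog; it assumes common/combined log format, and the extension list, function names and sample lines are constructed for illustration. Access logs do not record authentication state, so every POST to the uploader is flagged.

```python
import re
from urllib.parse import urlsplit, unquote

# Common/combined access-log prefix: ip ident user [time] "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# Assumption: extensions a web server might hand to an interpreter; tune per server.
EXEC_EXT = re.compile(r'\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)$')

def classify(line):
    """Return (ip, kind, path) for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target = m.groups()
    path = unquote(urlsplit(target).path)
    segs = [s.lower() for s in path.split("/") if s]
    if not segs:
        return None
    # Check 1: POST to the upload script, wherever the blog root is mounted.
    if method == "POST" and segs[-1] == "cp_upload_image.php":
        return ip, "upload_post", path
    # Check 2: executable extension requested from below an images/ directory.
    if "images" in segs[:-1] and EXEC_EXT.search(segs[-1]):
        return ip, "exec_under_images", path
    return None

def scan(lines):
    """Return all findings, plus client IPs that uploaded and then hit a script under images/."""
    findings, uploaders, correlated = [], set(), set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        findings.append(hit)
        ip, kind, _path = hit
        if kind == "upload_post":
            uploaders.add(ip)
        elif ip in uploaders:
            correlated.add(ip)
    return findings, correlated

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [06/Feb/2008:10:00:01 +0000] "POST /light/cp_upload_image.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [06/Feb/2008:10:00:09 +0000] "GET /light/images/shell.php HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.7 - - [06/Feb/2008:10:01:00 +0000] "GET /light/images/logo.png HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [06/Feb/2008:10:02:00 +0000] "GET /light/index.php HTTP/1.1" 200 4096 "-" "-"',
]
```

Calling scan(SAMPLE) returns the two findings for 192.0.2.10 and marks that address as correlated; the image and index.php requests are ignored.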